What’s a DDOS attack?
A Distributed Denial of Service (DDoS) is a type of cyber attack in which a hacker floods the target device or network with a huge wave of requests. The aim is to disrupt or shut down the target by overwhelming it. DDOS attacks are on the rise, as life becomes more digital for businesses and individuals. It’s therefore essential to understand this risk and protect yourself.
How do DDOS attacks work?
DDoS attacks render the target system inaccessible to legitimate users by overwhelming it with fake traffic.
DDoS attacks rely on an army of compromised bot computers (known as botnets) that can act simultaneously in a corrodinated attack. These connected devices have themselves been hijacked by the attacker in order to be weaponised.
Once the attackers have compromised multiple devices and created a botnet, they then use a Command and Control (C2) server to attack the targeted system until it overloads and ultimately fails. The specific method of attack can vary, but it’s often deployed via a Trojan Horse – a type of malware that’s disguised as an innocuous file or program.
Who is at risk from a DDOS attack?
DDoS attacks are frequently deployed on financial platforms, email services and any system whose shutdown would cause significant disruption. However, increasingly DDoS attacks are also deployed on individuals. For example, DDOS attacks are frequently deployed by disgruntled gamers against their competition.
These types of attacks can cause significant damage, and are a key security threat for businesses, gamers and internet communities. It’s therefore essential that businesses based online understand the key elements of DDoS attack prevention.
How to identify a DDoS attack
Since this type attack is deployed via website traffic, the most reliable way to identify one is to monitor the traffic on your network. This can be done with a basic firewall or traffic detection system – anything that can flag an anomalous traffic surge.
On the front end, a DDoS attack might seem like regular availability issues. These might include:
- The network performing slowly
- Certain services or websites not being available
- Being unable to connect to a particular website
- Unusual spikes in traffic on a site
DDoS attack types
Volumetric attacks
Volumetric attacks usually consume bandwidth resources by creating a huge volume of traffic, which prevents legitimate users from accessing the target system. Types of volumetric attacks include DNS amplification, in which the attacker uses the target’s IP address when initiating a request for a large amount of data. This means the server is simultaneously sending and receiving the same data and subsequently becomes overwhelmed.
Protocol attacks
Protocol attacks target the network resources by overwhelming the firewall or load balancer. Consequently, they’re also sometimes called state-exhaustion attacks. SYN flooding is one example of this type of attack. Here, the attacker manipulates the 3-step handshake of a TCP connection until the network resources are consumed. This means no additional devices can establish a new connection.
Application, layer-7 attacks
Application layer attacks are used to deplete resources in the application layer. In these types of attacks, bots send several million complicated application requests simultaneously so the system gets overwhelmed very quickly. Types of application layer attacks include HTTP flooding, which is effectively similar to refreshing a browser repeatedly from numerous devices.
SSL/TLS encrypted attacks
A hacker can utilise SSL/TLS protocols to mask their malicious incoming traffic, making it hard for the victim to detect. This enables the attacker to evade any prevention system the target has in place.
Risks of DDoS attacks
As you know, this type of cyber attack aims to bring down a particular network or system. This can have major consequences, both for the users of that system, and for the business behind it.
Financial losses
With attacks causing down-time for employees, and preventing users from accessing the targeted service, companies can face lost earnings, compensation and productivity costs. This is not to mention the cost of fixing and recovering from the attack itself.
Disrupted operations
The company or platform affected by the attack will have its processes disrupted, causing complication and extra work internally.
Damage to reputation
And of course, with individuals relying on access to the target system, companies falling victim to DDoS attacks face significant reputational costs. With users and clients losing faith in their security and ability to provide the service consistently, this can have significant business consequences.
How to prevent a DDoS attack
You can put a number of measures in place to prevent DDoS attacks, or at least mitigate their impact.
Developing and regularly reevaluating a response plan is a valuable tactic that can prevent expensive downtimes. Implementing multi-level threat management systems, that will limit the impact of an attack, is also a great move.
It’s also important to monitor your network for any warning signs. Symptoms of an imminent DDoS attack include high volumes of traffic that:
- Come from one IP address or range of IP addresses
- Go to a single webpage
- Come from a single common user characteristic (such as geolocation)
- Occur at at unexpected times of day
Famous DDoS attack examples
With DDoS attacks on the rise, the chances are you’ve already read about a few examples in the news. Here are some significant examples to illustrate how this type of attack impacts companies and users:
Google Cloud attack
In October 2023, Google Cloud announced it had resisted the largest DDoS attack ever deployed on it. At its peak, the assault was sending 398 million requests per second – clocking up more traffic in two minutes than the whole of September that year. The attack would have prevented Google Cloud users from accessing their private data on Cloud.
AWS attack
In February 2020, internet behemoth Amazon Web Services was hit by what was, at the time, the most extreme DDoS attack ever. Lasting three days, the attack peakes at 2.3 terrabytes per second. Despite causing limited damage, ths attack was a worrying development – it showed the sheer scale of assault that could be deployed via DDoS, and illustrated to AWS customers the precarity of their data for future attacks.
A grassroots political party based in Hong Kong, Occupy Central dedicated itself to campaigning for a more democratic voting system. That came to a halt when it was hit with a multi-day DDoS barrage in 2014. The assault – containing 5 separate botnets – was thought to be a response by opponents to the campaign, and derailed their internet presence for the duration of the attack.